Instant Chat with per Session RSA Keys
by
Patrick Kolenic
Boise State University

There are several issues with using RSA encryption in chat systems. The biggest is that it can be a hassle to generate a new key once your key has been compromised, assuming you know it has been compromised. In this talk we will explain how to resolve this issue by using a per session RSA key. When a user creates an account an RSA key is generated that only the chat server and the user knows, this becomes a pseudo symmetric key. Then when the user logs in to use the chat system they are provided with a public key to send messages to the server. The modulus is chosen randomly from an ever growing list of moduli that are relatively prime to each other. The public encryption key is generated based on a Universally Unique ID (UUID). How this over all system works is that the user will encrypt messages that are sent to the server. The server will then decrypt the messages and then re-encrypt them for each user in that chat room. This not only solves the issue of users having public keys that are exposed to attacks, but also reduces the vulnerability of sending the same message to multiple recipients. The overall goal is to provide the benifits of RSA on a chat system without causing excessive delay in message traffic.

Date received: November 20, 2009